Description
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
Exploits (1)
References (7)
Core 7
Core References
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/94141
Exploit, Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/60481
Exploit, Third Party Advisory x_refsource_misc
http://www.webera.fr/advisory-02-php-agenda-isql-exploit
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84938
Exploit, Issue Tracking mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Jun/67
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/121978/Simple-PHP-Agenda-2.2.8-SQL-Injection.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/26136
Scores
EPSS
0.0185
EPSS Percentile
83.2%
Details
CWE
CWE-89
Status
published
Products (28)
abeel/simple_php_agenda
0.1
abeel/simple_php_agenda
0.1.1
abeel/simple_php_agenda
0.1.2
abeel/simple_php_agenda
0.2.0
abeel/simple_php_agenda
0.2.1
abeel/simple_php_agenda
0.2.2
abeel/simple_php_agenda
0.2.3
abeel/simple_php_agenda
0.2.4
abeel/simple_php_agenda
0.2.5
abeel/simple_php_agenda
0.2.6
... and 18 more
Published
Mar 11, 2014
Tracked Since
Feb 18, 2026